NEWSROOM

MasterCard Plans To End The Use Of Passwords In Online Payments

Thursday, November 13 2014

LONDON | MasterCard today outlined on its vision for online payments beyond passwords, making life simpler for cardholders while increasing security.

A New Authentication Standard

The company has been leading the co-creation of a new authentication standard, which when adopted, will be the largest wholesale upgrade to online payment security. It will benefit consumers, banks and merchants alike, with invisible authentication and far fewer prompts for passwords.

Using One-time Passwords and Fingerprint

By 2018, payments on mobile devices are expected to represent 30% of all online retail sales and therefore the new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs.

MasterCard’s approach is to utilise richer cardholder data, which will result in far fewer password interruptions. In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.

Replace the 3D-Secure Protocol

Ajay Bhalla, President of Enterprise Security Solutions, MasterCard said: “All of us want a payment experience that is safe as well as simple, not one or the other. We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

The new protocol, being co-created with Visa, could be adopted in 2015 and will gradually replace the current 3D Secure protocol (the protocol used to authenticate legitimate cardholders in an ecommerce environment).

SecureCode, Voice Recognition and Cardiac Rhythm

Other steps MasterCard is taking toward a password-free environment include evolving its SecureCode programme to support the new standard, resulting in a smoother, simpler and safer experience for cardholders. MasterCard is also piloting commercial tests for facial and voice recognition apps to authenticate cardholders and conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm.